8173 matches found
WordPress Forms by Pie Forms plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in Forms by Pie Forms plugin versions prior to 1.4.9.4, whi...
WordPress Ninja Forms plugin <= 3.6.9 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Muhammad Adel in WordPress Ninja Forms plugin versions <= 3.6.9. Solution: Update the WordPress Ninja Forms plugin to the latest available version (at least 3.6.10)...
Ninja Forms < 3.6.10 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape field labels, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. As admin, put the following payload in a field label: The XSS will be triggered when editing the form, as well as in...
Open Forms code issue vulnerability
Open Forms is an open-source intelligent dynamic form tool from Open Formulieren, used to quickly create powerful and intelligent forms exposed through the API. Open Forms versions prior to 1.1.1 have a code issue vulnerability that stems from insufficient input validation of uploaded files...
Open Forms input validation error vulnerability
Open Forms is an open-source intelligent dynamic form tool from Open Formulieren, used to quickly create powerful and intelligent forms exposed through the API. A security vulnerability exists in Open Forms versions prior to 1.0.9 and 1.1.1. An attacker could exploit this vulnerability by injecting a...
WordPress Ninja Forms plugin <= 3.6.9 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Muhammad Adel in WordPress Ninja Forms plugin versions <= 3.6.9. Solution: Update the WordPress Ninja Forms plugin to the latest available version (at least 3.6.10)...
Ninja Forms < 3.6.10 - Admin+ Stored Cross-Site Scripting via Import
The plugin does not sanitize and escape some imported data, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. PoC: - Make a test form and then export it to your system. - Edit the file and enter an XSS payload like "...
Ninja Forms < 3.6.10 - Admin+ Stored Cross-Site Scripting via Import
The plugin does not sanitize and escape some imported data, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. - Make a test form and then export it to your system. - Edit the file and enter an XSS payload like "img src=x...
Wolters Kluwer TeamMate Audit SQL Injection Vulnerability
Wolters Kluwer TeamMate Audit is a cloud-based audit management tool from Wolters Kluwer Netherlands. A SQL injection vulnerability exists in Wolters Kluwer TeamMate Audit version 28.0.19.0, which stems from a lack of filtering and escaping of SQL data in search forms. An attacker could use this...
WordPress Forms by Pie Forms cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in Forms by Pie Forms plugin versions prior to 1.4.9.4, whi...
WordPress Ninja Forms Contact Form plugin <= 3.6.9 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Asif Nawaz Minhas (Patchstack Alliance) in WordPress Ninja Forms Contact Form plugin versions <= 3.6.9. Solution: Update the WordPress Ninja Forms Contact Form plugin to the latest available version (at least 3.6.10)...
GHSA-V8X6-59G4-5G3W Denial of service binding form from JSON in Play Framework
Impact: A denial-of-service vulnerability has been discovered in Play's forms library, in both the Scala and Java APIs. This can occur when using either the Form.bindFromRequest method on a JSON request body or the Form.bind method directly on a JSON value. If the JSON data being bound to the form...
Denial Of Service (DoS)
.NET and Visual Studio are vulnerable to Denial of Service. The vulnerability exists due to a flaw in dotnet that allows an attacker to crash the system by parsing HTML forms...
Design/Logic Flaw
Play Framework is a web framework for Java and Scala. A denial of service vulnerability has been discovered in versions 2.8.3 through 2.8.15 of Play's forms library, in both the Scala and Java APIs. This can occur when using either the Form.bindFromRequest method on a JSON request body or the...
CVE-2022-31018
CVE-2022-31018 affects Play Framework forms library (versions 2.8.3–2.8.15) for Java/Scala. The vulnerability is triggered when binding deeply nested JSON via Form.bindFromRequest or Form.bind on a JSON value, which may exhaust heap memory and crash the app (OutOfMemoryError) if run on the defaul...
Neos cross-site scripting vulnerability
Neos/forms is an open source framework for building web forms. A security vulnerability exists in Neos CMS versions 3.3.29 and 8.0.1, which stems from the presence of multiple cross-site scripting vulnerabilities...
Oracle Fusion Middleware Unspecified Vulnerability
Unspecified vulnerability in the Oracle WebCenter Forms Recognition component in Oracle Fusion Middleware allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Designer...
Drupal Core Cross-site scripting vulnerability
A cross-site scripting vulnerability in Drupal Core allows an attacker to leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal Core 8.8.X versions prior to 8.8.10; 8.9.X versions prior to 8.9.6; 9.0.X versions prior to 9.0.6...
Gravity Forms stored Cross-Site Scripting (XSS) vulnerability
A stored Cross-Site Scripting (XSS) vulnerability in the forms import feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via the import of a GF form. This code is interpreted by users in a privileged role (Administrator, Editor, etc.)...
Gravity Forms stored Cross-Site Scripting (XSS) vulnerability in the survey feature
A stored Cross-Site Scripting (XSS) vulnerability in the survey feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via a textarea field. This code is interpreted by users in a privileged role (Administrator, Editor, etc.)...